Configure VPN Profiles

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

Okta Mobility Management (OMM) can provision password-based, device-wide VPN configurations directly to devices without requiring IT to duplicate infrastructures or implement application proxies and gateways. Okta uses the native VPN capabilities built into the mobile operating system to leverage existing VPN solutions and enable easy access to on-premises resources. ClosedNotes:.

  • The OMM menu is available only to orgs that implement Okta Mobility Management (OMM).
  • Currently, this feature is available only for iOS devices.
  1. Go to OMM > VPN.
  2. Click Add Device VPN.
  3. Select a VPN clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. .

    Support Announcement: Apple no longer supports PPTP or Juniper VPN options. This is an Apple limitation.

  1. Configure your VPN client as described in one of the following procedures:

​Once VPN configurations (profiles) and the respective VPN mobile apps are pushed to OMM-enrolled devices, users can sign in to VPN and work remotely.

Note: The way that VPN profiles are pushed depends on the VPN password settings you configured above:

  • Delegated Authentication: VPN profiles are pushed when users are enrolled.
  • User sets password: VPN profiles are pushed when users are enrolled, an app user is assigned, or a VPN app instance setting is changed.
  • Password is same as Okta: VPN profiles are pushed when the user logs on.